CVE-2018-15763: PKS leaks IaaS credentials to application logs

Severity

High

Vendor

Pivotal

Description

Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.